Botnets – What are they, and why do I need to be concerned about them?

March 17, 2010

You may or may not have heard this term before. Technology has a language of its own, and botnet is a new word that has come from the explosion of computers in the home and workplace. There is ample reason to be concerned. Their effects can range from mere annoyance to devastating security breaches that can bring your financial institution to its knees.

What is a botnet?
A botnet is a group of computers hosting a bot (short for “robot”). A bot is a small computer program that can be placed on your computer, and is programmed to respond to commands from another bot or from a person controlling it through the internet. Bots can be used for constructive purposes such as distributed processing, or for evil-doing such as using your computer to attack web sites or steal passwords. The term botnet is usually used to refer to computers that have been compromised by bots installed against the owner’s will and, in most cases, without their knowledge. This can happen in a number of ways, including opening an email or attachment, visiting a “dangerous” web site, or clicking a pop-up window while visiting a web site. A botnet can cover an extremely large geographic area, limited only by the availability of Internet access. A single botnet has been known to infect as many as 1.2 million computers and can be distributed on a global scale.

Is a botnet the same as a virus?
Botnets differ from viruses in that by themselves they will do nothing until they are activated by an outside source. They can be activated by another infected computer or by the creator of the bot, issuing a command from a remote computer. Once they are activated, the botnet’s impact can vary from overwhelming a web site with requests until it is no longer able to respond to valid ones, to stealing your customers’ account numbers and passwords.

How can this affect my organization?
A botnet can be detrimental to a financial institution and its customers. If your organization is infected, botnets can intercept accounts and passwords, as well as infect computers belonging to customers who are logging on to your website. Severity may range from a sluggish or disabled website to the dreaded prospect of notifying customers that the security of their accounts has been compromised. This can cause irreversible damage to your organization’s reputation, at further cost to your business.

How can I secure my organization’s computers from botnets?
Of course, you cannot control your customers’ activities online or how they handle their e-mail, but here are 10 steps that can be taken to secure your organization’s computer network:

1. Keep your computers updated with all available security patches for the operating system as well as installed applications.

2. Install and regularly update anti-virus and anti-spyware software. Usually, by default these are configured to update themselves automatically.

3. Maintain and enforce company policy specifying employee use of computers. Many websites, particularly porn and “Warez” (pirated software) sites, are regularly hacked into for the purpose of distributing bots and other malware.

4. If opening an email from someone you don’t know, it’s best to do so through your ISP’s web interface, with HTML turned off. This will prevent a bot from being installed by the email. Also, it prevents any embedded code from sending a message back to the sender informing him/her that your e-mail address is a valid existing e-mail address. This will help to reduce spam, as the spammers maintain lists of known good email addresses.

5. Never open an e-mail attachment that comes from someone you don’t know and that you are not expecting. This is one of the most common methods by which bots are installed on computers.

6. Never click anywhere in a pop-up window claiming that your computer is infected, or has any other problems. These pop-ups are used to sell diagnostic software that is usually not needed and can be a Trojan. This is another way bots can be installed on your computer. If you see one of these pop-ups, you may click the “X” in the upper right-hand corner to close it. If there isn’t one, logging off Windows or restarting the computer will force it to close. You can disable pop-ups completely, but be aware that some websites will not work properly if you do so.

7. Your organization’s hardware firewall can usually be configured to help minimize the effects of a DDoS attack. A DDoS attack happens when a huge number of computers try to contact your website at one time, overwhelming it to the point that it is unable to respond to legitimate requests, and may even require rebooting your server. If your company’s router is configured to ignore PING requests, the effect of a DDoS attack will be minimized.

8. You should also install a software firewall on each computer, or at least make sure that the Windows firewall is enabled. A software firewall can prevent certain programs from sending information over the internet while allowing others to do so. It acts as a traffic cop allowing only trusted programs to access the internet and send data, such as your web browser and your e-mail program. If you see a message alerting you to the fact that “XYZ program” is attempting to connect to the internet, you can choose whether to allow or deny it.

9. You can periodically provide your customers with a flyer outlining measures they can take to protect their own computers. By helping to keep your customers’ computers safe, you are also protecting yourself.

10. Also important is the regular scheduling of security audits. This can identify weak spots in your organization’s security implementation, as well as provide suggestions and other assistance in closing the gap. It can be very easy to develop blind spots in an area not well related to what you do best.
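The allow-or-deny decision that a software firewall makes in step 8, sketched as an added example (not from the original post or any firewall product). The log format, program paths, addresses and the allowlist policy, including the per-program port restriction, are constructed assumptions.

```python
"""Per-program outbound allowlist, the "traffic cop" behaviour from step 8.

The log format, program paths and addresses are constructed for this example.
"""
from collections import Counter
from ntpath import normcase, normpath

# Trusted programs and the remote ports each may use (assumed policy).
ALLOWLIST = {
    r"c:\program files\browser\browser.exe": {80, 443},
    r"c:\program files\mail\mail.exe": {993, 587},
}

# Constructed connection attempts: program path, remote address, remote port.
SAMPLE_LOG = """\
C:\\Program Files\\Browser\\browser.exe 203.0.113.10 443
C:\\Program Files\\Mail\\mail.exe 198.51.100.7 993
C:\\Users\\teller\\AppData\\Local\\Temp\\xyz.exe 192.0.2.44 6667
C:\\Program Files\\Browser\\browser.exe 192.0.2.44 6667
C:\\Users\\teller\\AppData\\Local\\Temp\\xyz.exe 192.0.2.44 6667
"""

def canonical(program):
    """Fold case, slashes and '..' so look-alike paths cannot dodge the list."""
    return normcase(normpath(program))

def decide(program, port):
    """Allow only if the program is trusted AND the port is one it may use."""
    allowed_ports = ALLOWLIST.get(canonical(program), set())
    return "ALLOW" if port in allowed_ports else "DENY"

def audit(log_text):
    """Return (decisions, denied); denied counts each (program, addr, port)."""
    decisions, denied = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # Split from the right because program paths may contain spaces.
        program, addr, port = line.rsplit(None, 2)
        verdict = decide(program, int(port))
        decisions.append(verdict)
        if verdict == "DENY":
            denied[(canonical(program), addr, int(port))] += 1
    return decisions, denied

if __name__ == "__main__":
    for (program, addr, port), n in audit(SAMPLE_LOG)[1].most_common():
        print(f"DENY x{n}: {program} -> {addr}:{port}")
```

Repeated denials for the same unknown program and destination are the entries worth investigating first, since a trusted program on an unexpected port is also denied here rather than waved through.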

What have I learned?
A bot is a computer program that can be installed on a computer against your will, even without your knowledge. It can be installed through something as simple as an email or a pop-up window. A botnet can severely cripple your organization’s ability to do business, as well as cause devastating and irreversible damage to your organization’s reputation. The great news is, there are steps that can be taken to help secure your organization from botnet attacks. TrustCC can help defend your organization from botnet attacks and manage all your security needs!

– TrustCC

This post was written by Peter Stallone, TrustCC Intern, Bates Technical College Student. Welcome to the team, Peter!

